Total
263664 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8051 | 1 Wordpress Plugin | 1 Special Feed Items | 2024-09-20 | 5.7 Medium |
| The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8092 | 1 Alaingg | 1 Accordion Image Menu | 2024-09-20 | 5.4 Medium |
| The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8767 | 1 Acronis | 3 Backup Extension For Plesk, Backup Plugin For Cpanel \& Whm, Backup Plugin For Directadmin | 2024-09-20 | N/A |
| Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147. | ||||
| CVE-2024-44190 | 2024-09-20 | N/A | ||
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files. | ||||
| CVE-2024-44187 | 2024-09-20 | N/A | ||
| A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2024-40791 | 2024-09-20 | N/A | ||
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts. | ||||
| CVE-2024-44180 | 2024-09-20 | N/A | ||
| The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen. | ||||
| CVE-2024-8490 | 1 Wp-property-hive | 1 Propertyhive | 2024-09-20 | 8.8 High |
| The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-8761 | 1 Share This Image Project | 1 Share This Image | 2024-09-20 | 7.2 High |
| The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2024-8093 | 1 Lucas Garcia | 1 Posts Reminder | 2024-09-20 | 4.8 Medium |
| The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-40770 | 2024-09-20 | N/A | ||
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings. | ||||
| CVE-2024-8110 | 1 Yokogawa | 1 Dual-redundant Platform For Computer \(pc2ckm\) | 2024-09-20 | 7.5 High |
| Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable. | ||||
| CVE-2024-5170 | 1 Logo Manager For Enamad | 1 Logo Manager For Enamad | 2024-09-20 | 5.7 Medium |
| The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-8047 | 1 Visual Sound | 1 Visual Sound | 2024-09-20 | 5.7 Medium |
| The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-22013 | 2024-09-20 | N/A | ||
| U-Boot environment is read from unauthenticated partition. | ||||
| CVE-2024-27879 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-20 | 7.5 High |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination. | ||||
| CVE-2024-40825 | 1 Apple | 2 Macos, Visionos | 2024-09-20 | 6 Medium |
| The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files. | ||||
| CVE-2024-44198 | 2024-09-20 | N/A | ||
| An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2023-45854 | 1 Shopkit Project | 1 Shopkit | 2024-09-20 | 7.5 High |
| A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function. | ||||
| CVE-2024-44132 | 1 Apple | 1 Macos | 2024-09-20 | 8.4 High |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. | ||||